draft-ietf-rtgwg-yang-key-chain-16.txt   draft-ietf-rtgwg-yang-key-chain-17.txt 
skipping to change at page 1, line 16 skipping to change at page 1, line 16
Expires: September 28, 2017 Huawei Expires: September 28, 2017 Huawei
D. Yeung D. Yeung
Arrcus, Inc Arrcus, Inc
I. Chen I. Chen
Jabil Jabil
J. Zhang J. Zhang
Juniper Networks Juniper Networks
March 27, 2017 March 27, 2017
Routing Key Chain YANG Data Model Routing Key Chain YANG Data Model
draft-ietf-rtgwg-yang-key-chain-16.txt draft-ietf-rtgwg-yang-key-chain-17.txt
Abstract Abstract
This document describes the key chain YANG data model. Key chains This document describes the key chain YANG data model. Key chains
are commonly used for routing protocol authentication and other are commonly used for routing protocol authentication and other
applications requiring symmetric keys. A key chain is a list of applications requiring symmetric keys. A key chain is a list of
elements each containing a key string, send lifetime, accept elements each containing a key string, send lifetime, accept
lifetime, and algorithm (authentication or encryption). By properly lifetime, and algorithm (authentication or encryption). By properly
overlapping the send and accept lifetimes of multiple key chain overlapping the send and accept lifetimes of multiple key chain
elements, key strings and algorithms may be gracefully updated. By elements, key strings and algorithms may be gracefully updated. By
skipping to change at page 18, line 7 skipping to change at page 18, line 7
description description
"Indicates whether AES Key Wrap encryption is enabled."; "Indicates whether AES Key Wrap encryption is enabled.";
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
5. Security Considerations 5. Security Considerations
This document enables the automated distribution of industry standard The YANG module defined in this document is designed to be accessed
key chains using the NETCONF [NETCONF] protocol. As such, the via network management protocols such as NETCONF [NETCONF] or
security considerations for the NETCONF protocol are applicable. The RESTCONF [RESTCONF]. The lowest NETCONF layer is the secure
NETCONF protocol mandates confidentiality (section 2.2 of [NETCONF]. transport layer, and the mandatory-to-implement secure transport is
Similarily, the RESTCONF protocol also mandates confidentiality Secure Shell (SSH) [NETCONF-SSH]. The lowest RESTCONF layer is
(section 1.1 of [RESTCONF]). If a transport not mandating HTTPS, and the mandatory-to-implement secure transport is TLS [TLS].
confidentiality is used, it is RECOMMENDED that the transport
communication channel be encrypted. The NETCONF access control model [NETCONF-ACM] provides the means to
restrict access for particular NETCONF or RESTCONF users to a pre-
configured subset of all available NETCONF or RESTCONF protocol
operations and content.
When configured, the key-strings can be encrypted using the AES Key When configured, the key-strings can be encrypted using the AES Key
Wrap algorithm [AES-KEY-WRAP]. The AES key-encryption key (KEK) is Wrap algorithm [AES-KEY-WRAP]. The AES key-encryption key (KEK) is
not included in the YANG model and must be set or derived independent not included in the YANG model and must be set or derived independent
of key-chain configuration. of key-chain configuration.
The key strings are not accessible by default and NETCONF Access The key strings are not accessible by default and NETCONF Access
Control Mode [NETCONF-ACM] rules are required to configure or Control Mode [NETCONF-ACM] rules are required to configure or
retrieve them. retrieve them.
skipping to change at page 20, line 10 skipping to change at page 20, line 14
[CRYPTO-KEYTABLE] [CRYPTO-KEYTABLE]
Housley, R., Polk, T., Hartman, S., and D. Zhang, Housley, R., Polk, T., Hartman, S., and D. Zhang,
"Table of Cryptographic Keys", RFC 7210, April 2014. "Table of Cryptographic Keys", RFC 7210, April 2014.
[IAB-REPORT] [IAB-REPORT]
Andersson, L., Davies, E., and L. Zhang, "Report from the Andersson, L., Davies, E., and L. Zhang, "Report from the
IAB workshop on Unwanted Traffic March 9-10, 2006", RFC IAB workshop on Unwanted Traffic March 9-10, 2006", RFC
4948, August 2007. 4948, August 2007.
[NETCONF-SSH]
Wasserman, M., "NETCONF over SSH", RFC 6242, June 2011.
[NTP-PROTO] [NTP-PROTO]
Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network
Time Protocol Version 4: Protocol and Algorithms Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, June 2010. Specification", RFC 5905, June 2010.
[OSPFV3-AUTH] [OSPFV3-AUTH]
Bhatia, M., Manral, V., and A. Lindem, "Supporting Bhatia, M., Manral, V., and A. Lindem, "Supporting
Authentication Trailer for OSPFv3", RFC 7166, March 2014. Authentication Trailer for OSPFv3", RFC 7166, March 2014.
[RESTCONF] [RESTCONF]
skipping to change at page 20, line 31 skipping to change at page 20, line 38
Protocol", RFC 8040, January 2017. Protocol", RFC 8040, January 2017.
[TCP-AO] Touch, J., Mankin, A., and R. Bonica, "The TCP [TCP-AO] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, June 2010. Authentication Option", RFC 5925, June 2010.
[TCP-AO-ALGORITHMS] [TCP-AO-ALGORITHMS]
Lebovitz, G. and E. Rescorla, "Cryptographic Algorithms Lebovitz, G. and E. Rescorla, "Cryptographic Algorithms
for the TCP Authentication Option (TCP-AO)", RFC 5926, for the TCP Authentication Option (TCP-AO)", RFC 5926,
June 2010. June 2010.
[TLS] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol", RFC 5246, August 2008.
[YANG-CRYPTO-KEYTABLE] [YANG-CRYPTO-KEYTABLE]
Chen, I., "YANG Data Model for RFC 7210 Key Table", draft- Chen, I., "YANG Data Model for RFC 7210 Key Table", draft-
chen-rtg-key-table-yang-00.txt (work in progress), chen-rtg-key-table-yang-00.txt (work in progress),
November 2015. November 2015.
Appendix A. Examples Appendix A. Examples
A.1. Simple Key Chain with Always Valid Single Key A.1. Simple Key Chain with Always Valid Single Key
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
 End of changes. 4 change blocks. 
9 lines changed or deleted 18 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/